A new article published recently on the blog of Greg Beaver's comparing strings in php with the = = operator mentions the issue of the PHP = = operator when comparing strings.
In some cases, PHP converts class numeric data, such as strings containing numbers, to numeric processing, and the = = operator is one of them. When you use the = = operator to loosely compare two strings, PHP converts the string of a class value to a numeric value for comparison, and the following experiment confirms the conclusion:
var_dump('01' == 1);
?>
The above code outputs the result:
BOOL (TRUE)
Therefore, when comparing strings, it is recommended to use the = = = Operator for strict checking of strings, or to use functions such as strcmp () to avoid possible problems. This is also explained in the PHP manual, "PHP type comparison table".
In addition, the commonly used In_array () function also has a weak type of problem, see the following code:
var_dump(in_array('01', array('1')));
?>
The above code outputs the result:
BOOL (TRUE)
Do the PHP programmers who believe that the function is being checked for security know what kind of security problems this will produce? Fortunately the In_array () function gives us the third argument, set it to true to open the In_array () function's coercion type checking mechanism, as shown in the following code:
var_dump(in_array('01', array('1'), true));
?>
The output is:
BOOL (FALSE)
Since PHP is a weakly typed language, the concept of data type is weakened in PHP. Thus, if the data type is too neglected during programming (which is the common problem of most PHP programmers), there are some problems, even a security hole. Finally, the sentence is very annoying and annoying, the foreign data are strictly checked and filtered.
http://www.bkjia.com/PHPjc/317213.html www.bkjia.com true http://www.bkjia.com/PHPjc/317213.html techarticle a new article recently published on the blog of Greg Beaver's comparing strings in php with the = = operator mentions the question of the PHP = = operator when comparing strings ...